Turn off WP_DEBUG on a live/production WordPress site
It is generally a very good idea to turn off WP_DEBUG on a live/production WordPress site.
The official WordPress documentation and almost every best-practice guide strongly recommend keeping WP_DEBUG set to false on production sites. Here's why, along with the important nuances:
Main Reasons to Turn It Off in Production
- Security risk — When WP_DEBUG is true, PHP errors, warnings, and notices are often displayed directly on the screen. These messages can leak sensitive information like:
- File paths on your server
- Database table names / structure
- API keys / credentials (if they're in the error output)
- Plugin/theme vulnerabilities Hackers love seeing this kind of output — it's basically free reconnaissance.
- Broken user experience — Warnings and notices can appear in the middle of pages, headers, footers, or even break layouts completely. Visitors see ugly technical messages instead of your clean site.
- Performance hit (minor but real) — Constant error checking + potential logging adds unnecessary overhead, especially on high-traffic sites. Growing debug.log files can also eat disk space if not managed.
Recommended Production Settings (in wp-config.php)
define( 'WP_DEBUG', false );
// These two are optional but good hygiene
define( 'WP_DEBUG_DISPLAY', false ); // even if WP_DEBUG is somehow true
@ini_set( 'display_errors', 0 );Better Alternative for Production: Logging Without Displaying
If you still want to catch errors on a live site (very sensible for monitoring), use this combo instead:
define( 'WP_DEBUG', true ); // enables the debug system
define( 'WP_DEBUG_LOG', true ); // writes to wp-content/debug.log
define( 'WP_DEBUG_DISPLAY', false ); // VERY IMPORTANT — no on-screen output
@ini_set( 'display_errors', 0 );Many managed WordPress hosts do exactly this by default log silently, rotate logs, and protect the log file from public access.
Quick Summary Table
| Environment | WP_DEBUG | WP_DEBUG_DISPLAY | WP_DEBUG_LOG | Typical Use Case |
|---|---|---|---|---|
| Local dev | true | true | optional | See everything immediately |
| Staging | true | false | true | Test safely, capture logs |
| Production | false | false | optional* | Security + clean visitor experience |
| Production (monitored) | true | false | true | Catch errors without showing them |
Bottom line for most people running live sites: yes turn WP_DEBUG off (set it to false) unless you're actively troubleshooting something right now, and even then, only do it temporarily or behind an IP restriction.
If your site is already live and showing weird warnings/notices, that's usually a sign WP_DEBUG (or PHP's display_errors) is on.
